Login
- Table of Contents
-
- H3C S3100-52P Operation Manual-Release 1602(V1.01)
- 00-1Cover
- 00-2Product Overview
- 01-CLI Operation
- 02-Login Operation
- 03-Configuration File Management Operation
- 04-VLAN Operation
- 05-IP Address and Performance Operation
- 06-Voice VLAN Operation
- 07-GVRP Operation
- 08-Port Basic Configuration Operation
- 09-Link Aggregation Operation
- 10-Port Isolation Operation
- 11-Port Security-Port Binding Operation
- 12-DLDP Operation
- 13-MAC Address Table Management Operation
- 14-MSTP Operation
- 15-Static Route Operation
- 16-Multicast Operation
- 17-802.1x and System Guard Operation
- 18-AAA Operation
- 19-Web Authentication Operation
- 20-MAC Address Authentication Operation
- 21-ARP Operation
- 22-DHCP Operation
- 23-ACL Operation
- 24-QoS-QoS Profile Operation
- 25-Mirroring Operation
- 26-Stack-Cluster Operation
- 27-SNMP-RMON Operation
- 28-NTP Operation
- 29-SSH Operation
- 30-File System Management Operation
- 31-FTP-SFTP-TFTP Operation
- 32-Information Center Operation
- 33-System Maintenance and Debugging Operation
- 34-VLAN-VPN Operation
- 35-HWPing Operation
- 36-IPv6 Management Operation
- 37-DNS Operation
- 38-Smart Link-Monitor Link Operation
- 39-Appendix
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 10-Port Isolation Operation | 60.41 KB |
Table of Contents
Chapter 1 Port Isolation Configuration
1.2 Port Isolation Configuration
1.3 Displaying and Maintaining Port Isolation Configuration
1.4 Port Isolation Configuration Example
Chapter 1 Port Isolation Configuration
When configuring port isolation, go to these sections for information you are interested in:
l Port Isolation Configuration
l Displaying and Maintaining Port Isolation Configuration
l Port Isolation Configuration Example
1.1 Port Isolation Overview
Through the port isolation feature, you can add the ports to be controlled into an isolation group to isolate the Layer 2 and Layer 3 data between each port in the isolation group. Thus, you can construct your network in a more flexible way and improve your network security.
Currently, you can create only one isolation group on an S3100-52P Ethernet switch. The number of Ethernet ports in an isolation group is not limited.
& Note:
l An isolation group only isolates the member ports in it.
l Port isolation is independent of VLAN configuration.
1.2 Port Isolation Configuration
You can perform the following operations to add an Ethernet ports to an isolation group, thus isolating Layer 2 and Layer 3 data among the ports in the isolation group.
Follow these steps to configure port isolation:
|
To do … |
Use the command … |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter Ethernet port view |
interface interface-type interface-number |
— |
|
Add the Ethernet port to the isolation group |
port isolate |
Required By default, an isolation group contains no port. |
& Note:
l When a member port of an aggregation group joins/leaves an isolation group, the other ports in the same aggregation group on the local unit will join/leave the isolation group at the same time.
l For ports that belong to an aggregation group and an isolation group simultaneously, removing a port from the aggregation group has no effect on the other ports. That is, the rest ports remain in the aggregation group and the isolation group.
l Ports that belong to an aggregation group and an isolation group simultaneously are still isolated even when you remove the aggregation group in system view.
l Adding a port of an isolation group to an aggregation group causes all the ports in the aggregation group being added to the isolation group.
1.3 Displaying and Maintaining Port Isolation Configuration
|
To do … |
Use the command … |
Remarks |
|
Display information about the Ethernet ports added to the isolation group |
display isolate port |
Available in any view |
1.4 Port Isolation Configuration Example
I. Network requirements
l PC2, PC3 and PC4 connect to the switch ports Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 respectively.
l The switch connects to the Internet through Ethernet1/0/1.
l It is desired that PC2, PC3 and PC4 are isolated from each other so that they cannot communicate with each other.
II. Network diagram
Figure 1-1 Network diagram for port isolation configuration
III. Configuration procedure
# Add Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/0/4 to the isolation group.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface ethernet1/0/2
[Sysname-Ethernet1/0/2] port isolate
[Sysname-Ethernet1/0/2] quit
[Sysname] interface ethernet1/0/3
[Sysname-Ethernet1/0/3] port isolate
[Sysname-Ethernet1/0/3] quit
[Sysname] interface ethernet1/0/4
[Sysname-Ethernet1/0/4] port isolate
[Sysname-Ethernet1/0/4] quit
[Sysname] quit
# Display information about the ports in the isolation group.
<Sysname> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4
